[CentOS] Find reason for heavy load

Wed Dec 30 05:56:15 UTC 2009
Noob Centos Admin <centos.admin at gmail.com>


> last time I saw something like that, it was a bunch of chinese 'bots'
> hammering on my public services like ssh.
>another admin had turned
> pop3 on too, this created a very heavy load yet they didn't show up in
> top (bunches of pop3 and ssh processes showed up in ps -auxww,
> however, plug netstat -an

Unfortunately the server is meant for web/email purposes so I can't
turn off pop3/smtp. Naturally ps shows up a lot of httpd/mysql &
exim/dovecot processes but a cursory glance doesn't see any suspicious

Similarly, I did a quick look at netstat -an and most of the IP are
from local ISP that my clients are using.

One thing that occurred to me is, does using iptables to block smtp
attempt uses more "system" resources as opposed to letting the bot
flood my smtp logs with pointless attempts? :)